Abstract
Web services have grown up and developed a considerable potential: They are based on an open, dynamic exchange of data. Their openness is their greatest plus and contributed to their wide acceptance. This openness, however, and the resulting lack of security is at the same time the barrier that prevents web services from being used on a broad basis. Web services have to become safe if they are to transmit sensitive data securely.
The prerequisites for the secure electronic exchange of data and information are confidentiality, integrity, and reliability. The adequate means to meet these demands are encryption and the digital signature on the basis of cryptographic methods. A Public Key Infrastructure (PKI) provides the adequate software, protocols, and standards. If web services are to be protected comprehensively and on the long run, a PKI is needed. Establishing and operating a PKI, however, is a complex task requiring different protocols on the client side — and not all application programs respectively application terminals are able to meet these requirements.
New approaches enable the easy communication with a PKI. Web services and the Simple Object Access Protocol (SOAP are easy means to make use of remote services within a Service Orientated Architecture (SOA). The XML Key Management Specification (XKMS defines a protocol with which keys can be validated and managed on the basis of XML via web services. The resulting advantages make using a PKI easier and leaner. In this work, the XKMS specification is introduced, its functional principle is explained, its advantages and disadvantages are described, and an insight is provided into the realization of a SKMS responder in the framework of the TrustPoint project.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
W3C: XML Key Management Specification (XKMS 2.0), Candidate Recommendation 5 April 2004, http://www.w3.org/TR/xkms2/
M. O’ Neill: Web Services Security, Osborne (2003)
A. Nash, W. Duane, C. Joseph, D. Brink: PKI E-security implementieren, mitp (2002)
J. Snell, D. Tidwell, P. Kulchenko: Webservice-Programmierung mit SOAP, O’Reilly (2002)
Author information
Authors and Affiliations
Rights and permissions
Copyright information
© 2004 Friedr. Vieweg & Sohn Verlagsgesellschaft/GWV Fachverlage GmbH, Wiesbaden
About this chapter
Cite this chapter
Baer, D., Philipp, A., Pohlmann, N. (2004). Web Service Security — XKMS (TrustPoint). In: ISSE 2004 — Securing Electronic Business Processes. Vieweg+Teubner Verlag. https://doi.org/10.1007/978-3-322-84984-7_25
Download citation
DOI: https://doi.org/10.1007/978-3-322-84984-7_25
Publisher Name: Vieweg+Teubner Verlag
Print ISBN: 978-3-528-05910-1
Online ISBN: 978-3-322-84984-7
eBook Packages: Springer Book Archive